cookie-session icon indicating copy to clipboard operation
cookie-session copied to clipboard

Published 20 hours ago verified publisher icon expressjs

Secure flag is ignored

Open hk-skit opened this issue 8 months ago • 0 comments

I have following setup for cookie session middleware in my express app:

app.use(
  cookieSession({
    name: '__session',
    keys: [env.COOKIE_SIGNING_SECRET],
    maxAge: COOKIE_MAX_AGE,
    sameSite: 'none',
    httpOnly: true,
    secure: false,
    signed: true,
  })
);

When a request is made from client, the response doesn't have Secure attribute in Set Cookie header. Please refer to attached screenshot for more details.

image

Because of the missing Secure attribute chrome doesn't store the cookie. It works fine in Safari and Firefox. How do i set the value of secure attribute?

Thanks.

hk-skit avatar Jun 18 '24 12:06 hk-skit